CVE-2025-49222
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-25
Assigner: Mattermost, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | mattermost_server | From 9.11.0 (inc) to 9.11.18 (exc) |
| mattermost | mattermost_server | From 10.5.0 (inc) to 10.5.9 (exc) |
| mattermost | mattermost_server | From 10.8.0 (inc) to 10.8.4 (exc) |
| mattermost | mattermost_server | From 10.9.0 (inc) to 10.9.3 (exc) |
| mattermost | mattermost_server | 10.10.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain versions of Mattermost where the system fails to properly validate the types of files uploaded during remote cluster upload sessions. This flaw allows a system administrator to upload files that are not typical attachments through shared channels, potentially placing these files in arbitrary directories on the filesystem.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a system administrator to upload unauthorized file types into arbitrary filesystem locations. This could lead to unauthorized file placement, which might be exploited to compromise system integrity or security, potentially leading to data exposure or other security issues.